System and method for secure wall

ABSTRACT

A security wall, such as a firewall or a viruswall, is built without firewall-dedicated or viruswall-dedicated hardware and, in a mobile information processing device, without mobile terminal-dedicated hardware. For this purpose, a plurality of separate LAN segments are realized on a single information processing device, and data from an external network such as the Internet is forced to pass through these LAN segments before it reaches a user system, reinforcing the system against external attacks. The firewall and the viruswall are made portable so that they can be executed at the same time, strengthening the security of the mobile information processing device.

BACKGROUND OF THE INVENTION

[0001] The present invention relates to a security wall system in an information processing system and more particularly to a security wall system for protecting user systems against unauthorized accesses via networks and attacks using computer viruses.

[0002] With the ever-widening prevalence of the Internet, protection against attacks on corporate systems via the Internet and against the reception of mails carrying viruses has gained increasing importance. It is also important for low-cost servers to be able to protect systems efficiently against attacks via the Internet without adding special hardware and, as mobile client terminals have come into wide use in recent years, to provide these terminals with security at a reasonable cost.

[0003] FIG. 2 illustrates connections of a corporate network using conventional technologies. FIG. 3 illustrates how a mobile terminal is connected to a network. In conventional technologies, when a user system 201 is connected to an external communication network 200 such as the Internet through a LAN, a front end device such as a firewall server 202 is situated in front of the user system 201 (Web server 204, mail server 205, etc.), as shown in FIG. 2, to prevent an inundation of unsolicited packets from the external network 200 (e.g., the Internet), a tampering of files and an infiltration of computer viruses.

SUMMARY OF THE INVENTION

[0004] A user needs to purchase and install, in addition to the intended user system 201, as many sets of hardware or front end devices, including firewall servers 202 and viruswall servers 203, as there are security walls. Further, if a security wall such as the firewall server 202 should be broken, the user system (Web server 204, mail server 205, etc.) will sustain catastrophic damage, such as performance degradation and file destruction.

[0005] Further, the mobile terminal 304, as shown in FIG. 3, connects to a server group (FTP (File Transfer Protocol) server 301, Web server 302, etc.) via a service provider 303 without using a front end device such as the firewall server 202. In this case, while the server side (the group of servers in the user system 201) is provided with a firewall server 305, the mobile terminal 304 as a user system 201A is directly connected to a network 300 such as the Internet, so that the mobile terminal 304 is not protected against attacks from outside.

[0006] As described earlier, in the conventional technologies there is a problem that as many sets of hardware as there are security walls need to be purchased and installed. If the security wall should be broken, the user system will be directly exposed to attacks. Further, when a mobile terminal away from home or office is to be connected to an open network such as the Internet, the connection is not protected by a security wall and the mobile terminal is vulnerable to external attacks.

[0007] It is therefore an object of the present invention to solve these problems experienced with the conventional technologies and provide a security wall system and a program for the same which do not need firewall-dedicated hardware nor mobile terminal-dedicated hardware; which can block unauthorized accesses that have infiltrated through the firewall of the front end system and prevent viruses from being embedded in the system and data on the disk (DK) from being tampered with; and which can also protect the user system from attacks that take advantage of weak points of a particular operating system.

[0008] The security wall system of this invention comprises: a plurality of operating systems configured on an information processing device so that only a front end system can be seen from outside; a plurality of LAN boards through which data from a network passes before reaching a user system; a multi-OS control program which, when a mail arrives from the network, receives control via the LAN board and transfers the control to a firewall program running on the first operating system, wherein the firewall program checks whether an access is valid and, if the access is found invalid, rejects the access and enters an access wait state, and, if the access is found valid, transfers the control to the second operating system to cause a virus check program running on the second operating system to perform a virus check; a shared memory to temporarily store received data when the access validity check and virus check performed by the multiple operating systems find that the received data is normal; and a user terminal connected via one of the LAN boards to the user system and controlled by the operating system running on the user system.

[0009] The security protection program of this invention realizes a plurality of separate LAN segments in one and the same information processing device and forces data received from an external network such as the Internet to pass through these multiple LAN segments before it reaches the user system, thereby augmenting the protection against external attacks. If one of the LAN segments is attacked and infiltrated, this arrangement prevents the damage from affecting the user system. Further, provisions are made to allow the firewall and the viruswall to run simultaneously, and the firewall and viruswall programs are made portable to strengthen the security of the mobile information processing device. To build multiple LAN segments on one and the same hardware and to allow the firewall, the viruswall and the user system to run on the same hardware, a plurality of operating systems are arranged to be able to run independently at the same time on one and the same hardware.

[0010] Other objects, features and advantages of the invention will become apparent from the following description of the embodiments of the invention taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] FIG. 1 is a schematic diagram showing an overall configuration of a security wall system as one embodiment of the present invention.

[0012] FIG. 2 is a schematic diagram showing a configuration of a corporate network using conventional technologies.

[0013] FIG. 3 is a schematic diagram showing how a mobile terminal is connected to a network using conventional technologies.

[0014] FIG. 4 illustrates a data transfer between a first system and a second system in FIG. 1.

[0015] FIG. 5 shows an example system configuration covering an external network and a user system in FIG. 1.

[0016] FIG. 6 is a flow chart for checking mails for virus infection in this embodiment.

[0017] FIG. 7 is a flow chart of an operation performed when the system is port scan-attacked from outside.

DESCRIPTION OF THE EMBODIMENTS

[0018] Now, one embodiment of the present invention will be described by referring to the accompanying drawings and operation flow charts.

[0019] FIG. 1 shows an overall configuration of the security wall system as one embodiment of the invention. The security wall system of this invention in an information processing device 101 comprises a firewall system 102 managed by a first operating system, a viruswall system 103 managed by a second operating system, a user system 104 managed by a third operating system, a multi-OS control program 105 connected to these three systems, a hardware platform 106 incorporating a shared memory 106A, a LAN board 107, a disk control adapter (DKA) 108 and a LAN board 110, all three divided from each other and subordinate to the hardware platform 106, a disk unit 109 connected to the DKA 108, and user terminals 111-114 connected to the LAN board 110. The LAN board 107 is connected to the Internet 100.

[0020] In this invention, multiple operating systems are run on single hardware and provisions are made to ensure that only the front end system can be seen from outside and that an access from the outside is passed through an internal virtual LAN segment to the second system, i.e., the viruswall system 103, where the authority of the access is checked before an attached file is opened and executed. After the access is found to be an authorized one, the data is transferred through another virtual LAN segment to the user system 104 and on to the user terminals 111-114. This process blocks unauthorized accesses that have infiltrated through the firewall of the front end system, and thereby prevents an infiltration of viruses and a tampering of files on disks. Since the firewall system 102, viruswall system 103 and user system 104 can be operated on one and the same hardware, there is no need to install firewall-dedicated hardware nor viruswall-dedicated hardware. In mobile terminals, too, dedicated hardware is not required.

[0021] FIG. 6 is a flow chart for a virus check performed when an access is made from an external network to a mail server. In FIG. 1, if the user system 104 is a mail server, how a mail received from outside reaches the user client terminals 111-114 will be explained by referring to the flow chart of FIG. 6 and the system configuration of FIG. 1. In a wait state where no mail is received (step 615), when a mail is received from outside through the Internet 100 (step 600), control is transferred from the LAN board 107 via the hardware platform 106 such as the CPU to the multi-OS control program 105 (referred to as a nano-kernel). Then, the firewall program 102 running on the first operating system checks whether the access is valid or not (step 601). If this check finds that the access is unauthorized, the access is rejected (step 602) and the program enters the wait state where it waits for a new access (step 615).

[0022] When on the other hand the access is found valid, the received data is stored in the shared memory 106A (step 603) and control is transferred to the nano-kernel 105 (step 604). Next, the nano-kernel 105, upon receiving control, passes control to the virus check program 103, as by an interrupt (step 605). The virus check program 103 performs a virus check on the mail data stored in the shared memory 106A (step 606). If the mail data is found to be infected with a virus, the entire mail is discarded (step 612) and the program enters again into the wait state where it waits for a new access (step 615). A check is also made to see if the mail has an attached file (step 607). If so, the attached file is opened and, if it is an executable file, executed (step 608), and a check is made on the result of opening or executing the attached file (step 609).

[0023] Here, it is checked whether any unauthorized file access to the disk unit 109 or any unauthorized memory access occurs. If an unauthorized access should occur, only the second system 103 that is operating the virus check program is damaged and the third system or user system 104, the system to be protected, is free from any damage. Then, the mail in question is discarded (step 613) and the viruswall 103 of the second system is erased before being loaded again and restarted (step 614). After this, the program enters a wait state where it waits for a new access (step 615).

[0024] If no attached file is found by the check on the presence or absence of an attachment (step 607), or if no anomaly is found by the check on the operation of the attached file (step 609), control is transferred to the nano-kernel 105 (step 610), which in turn informs the user system 104 operating as the third system that a mail has been received (step 611). In this case, the data is transferred through the shared memory 106A. The user system 104 notifies the user client terminal (e.g., 111), through the LAN board 110 for the internal LAN, of the arrival of a mail (step 616) and then enters into a wait state where it waits for a new access from outside (step 615). While in this embodiment the external access LAN 107 and the internal access LAN 110 have been described as being separate from each other, they may be formed as an integral LAN.

[0025] FIG. 4 shows how data is transferred between the first system and the second system in the information processing device 101 of FIG. 1. Next, a data transfer between two systems and their control will be explained by referring to FIG. 4. When the number of systems is three or more, the processing between each of the systems is similarly performed. Data processed by a first system 400 is stored in a shared memory 403 that is accessible also from a second system 402. The first system 400 sends an interrupt to a multi-OS control program 404 (nano-kernel) to inform it that the data is stored in the shared memory 403. The nano-kernel 404 sends an interrupt to the second system 402 as if the interrupt were issued from the LAN board. Next, the second system 402 reads the content of the shared memory 403 as the data from the LAN board and processes it. The second system 402 is the viruswall system of FIG. 1 and there may be two or more second systems, such as 402A and 402B, as shown. In this case, too, an interrupt is issued in the same way as described above.
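The mail path of FIG. 6 (steps 600 to 616) and the shared-memory hand-off of FIG. 4, as an added worked example; this is editor-written model code, not part of the patent and not the applicant's implementation. The three systems and the nano-kernel are Python classes, the only data channel between them is the SharedMemory object, and the nano-kernel drives control in the fixed order 102 -> 103 -> 104 by raising an "interrupt" (a method call) on each system, which then reads the shared memory as if it had come from the LAN board. Everything below that the patent does not specify is an assumption of this model: the firewall's validity check is a source-address policy that rejects a private prefix arriving on the Internet-facing board; the virus signature is the EICAR test string; the "executable attachment" of steps 608 and 609 is a toy program of READ, WRITE and PRINT lines, and an unauthorized access is any READ or WRITE outside /tmp/sandbox/; the viruswall records damage in a flag that reload() clears. The names Mail, SharedMemory, NanoKernel and build_system are mine; the step numbers in comments refer to FIG. 6.

```python
from dataclasses import dataclass
from typing import Optional

# EICAR anti-virus test string: a real, harmless pattern that scanners treat as malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

@dataclass
class Mail:
    src_ip: str
    body: bytes
    attachment: Optional[bytes] = None  # toy "executable": lines of "READ|WRITE|PRINT <arg>" (assumed)

class SharedMemory:
    """Region 106A: the only channel between the three operating systems (FIG. 4)."""
    def __init__(self):
        self.slot = None
    def store(self, mail):
        self.slot = mail
    def load(self):
        if self.slot is None:
            raise RuntimeError("interrupt delivered with empty shared memory")
        return self.slot
    def clear(self):
        self.slot = None

class Firewall:
    """First OS (102): access validity check, steps 601 to 603. Policy assumed: reject bogon sources."""
    def __init__(self, denied_prefixes):
        self.denied_prefixes = tuple(denied_prefixes)
    def on_interrupt(self, mail, shm):
        if mail.src_ip.startswith(self.denied_prefixes):
            return "rejected"  # step 602
        shm.store(mail)  # step 603
        return "accepted"

class Viruswall:
    """Second OS (103): signature scan (606), then open/execute the attachment in isolation (607-609)."""
    ALLOWED_PATHS = ("/tmp/sandbox/",)  # assumed sandbox policy
    def __init__(self):
        self.damaged = False
        self.reloads = 0
    def on_interrupt(self, shm):
        mail = shm.load()  # read as if it had arrived from the LAN board (FIG. 4)
        if EICAR in mail.body or (mail.attachment is not None and EICAR in mail.attachment):
            shm.clear()
            return "discarded:virus"  # step 612
        if mail.attachment is not None and self.execute(mail.attachment):
            shm.clear()
            return "discarded:anomaly"  # step 613; the kernel then reloads this OS (614)
        return "clean"
    def execute(self, program):
        """Steps 608/609: run the toy program; True on an unauthorized disk or memory access."""
        for line in program.decode("ascii", "replace").splitlines():
            op, _, arg = line.partition(" ")
            if op in ("READ", "WRITE") and not arg.startswith(self.ALLOWED_PATHS):
                self.damaged = True  # whatever the attachment broke, it broke in this OS only
                return True
        return False
    def reload(self):
        """Step 614: erase and reload the second system from its image."""
        self.damaged = False
        self.reloads += 1

class UserSystem:
    """Third OS (104): the mail server; it is reachable only through the shared memory."""
    def __init__(self, terminals):
        self.terminals = list(terminals)
        self.inbox = []
    def on_interrupt(self, shm):
        mail = shm.load()
        shm.clear()
        self.inbox.append(mail)
        return f"delivered:terminal {self.terminals[0]}"  # step 616 over LAN board 110

class NanoKernel:
    """Control program 105: relays control in the fixed order 102 -> 103 -> 104."""
    def __init__(self, firewall, viruswall, user_system):
        self.firewall, self.viruswall, self.user_system = firewall, viruswall, user_system
        self.shm = SharedMemory()
    def on_lan_interrupt(self, mail):
        """Entry from LAN board 107 (step 600); returns the outcome for this mail."""
        if self.firewall.on_interrupt(mail, self.shm) == "rejected":  # step 601
            return "rejected"
        verdict = self.viruswall.on_interrupt(self.shm)  # steps 604/605
        if verdict == "discarded:anomaly":
            self.viruswall.reload()  # step 614
        if verdict != "clean":
            return verdict
        return self.user_system.on_interrupt(self.shm)  # steps 610/611

def build_system():
    """Assumed policy: 192.168.0.0/16 must never appear as a source on the Internet-facing board."""
    return NanoKernel(Firewall(["192.168."]), Viruswall(), UserSystem([111, 112, 113, 114]))
```

The containment claim of [0023] (only the second system is damaged) holds in this model only because the Viruswall object holds no reference to the UserSystem or the disk; on a real multi-OS host the same property has to come from hardware memory protection between the operating systems and from the control program itself being trusted, since a nano-kernel that can be subverted from the second OS takes the third OS with it.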

[0026] FIG. 5 shows a system configuration when multiple layers of check systems are inserted between an external network 500 and a user system. FIG. 7 is a flow chart of operations performed when the system is port scan-attacked from the external network. In the system configuration of FIG. 5, the operation performed when there is an unauthorized access (port scan) from the external network 500 will be explained by referring to the flow of FIG. 7. In a wait state where the check system is waiting for a new access from outside (step 705), when there is an access from outside through a logical access path 507 (step 700), a first system 502 detects that it is being port-scanned (step 701) and a multi-OS control program 505 (nano-kernel) lowers the execution priority level of the first system to the lowest (step 702) to prevent a degradation of the executability of the other systems.

[0027] Further, the nano-kernel 505 starts a second system 503, builds a logical access path 508 to and from the outside to secure a communication path with the outside and builds a firewall on this path (step 703). With the communication path established, communication with the outside becomes possible (step 704) and the check system enters into a wait state where it waits for a new access from the outside (step 705). In this way, a dummy system is shown to the outside as a target for the unauthorized access to attack. This makes it possible to build a system which, while being attacked by an unauthorized access from the outside, can prevent the actual system operation from being affected by the attack.
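Steps 700 to 705 replayed over a constructed SYN log, as an added example; this is editor-written code, not from the patent. It shows the part the flow chart leaves implicit: the scanned system is demoted but stays reachable on its old path as the decoy, while a spare is started on a fresh path and becomes the system that legitimate clients are served by. Assumptions, all mine: a port scan is one source touching eight or more distinct destination ports within ten seconds (a sliding-window detector; the patent gives no criterion); logical access paths 507 and 508 are modelled as the documentation addresses 198.51.100.10 and 198.51.100.11/.12, with the log line's destination selecting the system; the log format, the names ScanDetector, CheckSystem, NanoKernel.on_access and run_log, and the sample log itself are constructed for this example.

```python
import re
from collections import defaultdict, deque

# Constructed SYN log (not from the patent): "<ts seconds> <src> -> <dst>:<dport> SYN".
# 198.51.100.10 stands for the first system's logical access path 507; the spares play path 508.
SAMPLE_LOG = [
    "100.0 203.0.113.7 -> 198.51.100.10:21 SYN",
    "100.2 203.0.113.7 -> 198.51.100.10:22 SYN",
    "100.4 203.0.113.7 -> 198.51.100.10:23 SYN",
    "100.6 203.0.113.7 -> 198.51.100.10:25 SYN",
    "100.8 203.0.113.7 -> 198.51.100.10:80 SYN",
    "101.0 203.0.113.7 -> 198.51.100.10:110 SYN",
    "101.2 203.0.113.7 -> 198.51.100.10:143 SYN",
    "101.4 203.0.113.7 -> 198.51.100.10:443 SYN",   # eighth distinct port: scan detected (step 701)
    "101.6 203.0.113.7 -> 198.51.100.10:8080 SYN",  # the scanner keeps hitting the decoy
    "102.0 192.0.2.5 -> 198.51.100.11:25 SYN",      # legitimate client on the new path (508)
]

LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+) SYN$")

def parse(line):
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    return float(m["ts"]), m["src"], m["dst"], int(m["dport"])

class ScanDetector:
    """Step 701 as a sliding window: one source touching >= threshold distinct ports within window seconds."""
    def __init__(self, threshold, window):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(deque)  # src -> deque of (ts, dport), oldest first
    def observe(self, ts, src, dport):
        q = self.hits[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:
            q.popleft()
        return len({p for _, p in q}) >= self.threshold

class CheckSystem:
    def __init__(self, name, address, threshold, window):
        self.name, self.address = name, address
        self.priority = "normal"  # step 702 sets this to "lowest"
        self.detector = ScanDetector(threshold, window)

class NanoKernel:
    """Control program 505: demotes the scanned system and brings a spare up on a new path."""
    def __init__(self, first_address, spare_addresses, threshold=8, window=10.0):
        self.threshold, self.window = threshold, window
        self.active = CheckSystem("system-502", first_address, threshold, window)
        self.by_address = {first_address: self.active}
        self.spare_addresses = deque(spare_addresses)
        self.started = 0
    def on_access(self, line):
        ts, src, dst, dport = parse(line)  # step 700
        target = self.by_address.get(dst)
        if target is None:
            return f"dropped: no system on {dst}"
        if target is not self.active:
            # The demoted system stays reachable on its old path: the dummy target of [0027].
            return f"decoy {target.name} (priority {target.priority}) absorbed {src}:{dport}"
        if not target.detector.observe(ts, src, dport):
            return f"{target.name} accepted {src}:{dport}"
        target.priority = "lowest"  # step 702
        if not self.spare_addresses:
            return f"scan from {src}: {target.name} demoted, no spare available"
        self.started += 1  # step 703: start the next system on a fresh logical path
        address = self.spare_addresses.popleft()
        self.active = CheckSystem(f"system-503{chr(96 + self.started)}", address, self.threshold, self.window)
        self.by_address[address] = self.active
        return f"scan from {src}: {target.name} demoted, {self.active.name} serving on {address}"

def run_log(lines, threshold=8, window=10.0):
    """Replay log lines through one kernel; returns one outcome string per line."""
    kernel = NanoKernel("198.51.100.10", ("198.51.100.11", "198.51.100.12"), threshold, window)
    return [kernel.on_access(line) for line in lines]
```

Two points the model makes visible: the spares are finite, so a scanner that is allowed to trigger the switch repeatedly exhausts them (the "no spare available" branch), which argues for rate-limiting the switch or reusing reloaded systems; and legitimate clients have to learn the new path somehow, which the patent does not specify.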

[0028] Converting the processing shown in the flow charts of FIG. 6 and FIG. 7 into programs and storing them in storage media such as a CD-ROM can facilitate an implementation of the present invention. That is, by loading the recorded media into an information processing device connected to a network, the programs can be installed and executed easily in the information processing device.

[0029] Applying the information processing device 101 of FIG. 1 to the mobile terminal 304 of FIG. 3 can build a robust security system on the mobile terminal. Further, in FIG. 2, applying this invention to the Web server 204 and the mail server 205 can obviate the firewall server 202 and the viruswall server 203 of the front end. In FIG. 5, by increasing the number of check systems 503 to be put into operation, it is possible to build a robust security system which, even if the security of the first system 502 should be broken by an attack that takes advantage of a weak point of a particular system, can check the unauthorized access by the subsequent systems 503.

[0030] As described above, with this invention, since a firewall, a viruswall and a user system can be operated on one and the same hardware, there is no need to install firewall-dedicated hardware or viruswall-dedicated hardware, minimizing a redundant investment in hardware. Further, in mobile terminals, this invention eliminates the need for dedicated hardware and allows security walls such as a firewall and a viruswall to be built easily.

[0031] Since a plurality of LAN segments can be realized on one and the same hardware, a plurality of systems can be run independently at the same time. This means that if the first stage of the security wall should be broken from outside, only the system whose security was broken is vulnerable to attacks, and the user system that is situated behind the broken security wall is free of any damage. The more security walls there are in front of the user system, the stronger the security of the system will be.

[0032] It should be further understood by those skilled in the art that although the foregoing description has been made on embodiments of the invention, the invention is not limited thereto and various changes and modifications may be made without departing from the spirit of the invention and the scope of the appended claims.

What is claimed is:
1. A security wall system in an information processing device connected to a network, comprising: a first operating system for running a secure program to protect a security of the information processing device from the network; a second operating system for running network-based user programs; and a multi-OS controller for controlling independent operations of at least the first operating system and the second operating system; wherein security-checked network data is communicated from the first operating system to the second operating system through at least a shared memory managed by the multi-OS controller.
2. A security wall system according to claim 1, further comprising: a third operating system for running another secure program wherein the secure programs and the user programs are executed on different operating systems.
3. A security wall system according to claim 2, wherein security-checked network data is communicated to the first operating system, the third operating system and the second operating system in that order through at least a shared memory managed by the multi-OS controller.
4. A security wall system for a network device such as a mail server connected to a network, comprising: a firewall system for protecting a security of an information processing device from the network; a viruswall system for performing a virus check on data from the network; a network system such as a mail server; a multi-OS controller for controlling the firewall system, the viruswall system and the network system so that they can be executed on independent operating systems; and a shared memory managed by the multi-OS controller and shared by the multiple operating systems; wherein the firewall system, the viruswall system and the network system communicate network data such as mails to each other through the shared memory.
5. A security wall system according to claim 4, wherein mail data is transferred from the network to the firewall system, the viruswall system and the network system in that order.
6. A security wall system according to claim 4, wherein the firewall system, when accessed from the network, checks whether an access is an authorized one or not and, when it decides that the access is an unauthorized one, rejects the access and, when it decides that the access is an authorized one, communicates the network data to the viruswall system through the shared memory managed by the multi-OS controller.
7. A security wall system according to claim 4, wherein when the firewall system detects a port scan from the network, the multi-OS controller lowers an execution priority level of the firewall system to the lowest, starts another firewall system and generates another network path.
8. A security wall system according to claim 4, wherein the viruswall system performs a virus check on data received from the network and, when a virus is detected, discards the received mail and, when the data is found normal, communicates the network data to the network system through the shared memory managed by the multi-OS controller.
9. A security wall system according to claim 4, wherein the viruswall system checks for any unauthorized operation by the data received from the network and, when it detects an unauthorized operation, the multi-OS controller reloads the viruswall system and the operating system on which to run the viruswall system.
10. A security wall control method for an information processing device connected to a network, comprising: a step by a firewall system of checking an access from the network, determining whether the access is an authorized one or not and, when the access is found to be normal, transferring network data to a viruswall system; a step by a multi-OS controller of relaying the network data from the firewall system to the viruswall system; a step by the viruswall system of receiving the network data from the firewall system, performing a security check on the network data and, when the network data is found to be normal, transferring the network data to a network system such as a mail server; and a step by the multi-OS controller of relaying the network data from the viruswall system to the mail server.
11. A security wall control method according to claim 10, including: a step of rejecting an access from the network when the firewall system decides that the access from the network is an unauthorized one.
12. A security wall control method according to claim 10, including: a step of lowering an execution priority level of the firewall system to the lowest when the firewall system detects a port scan from the network; and a step of starting another firewall system and generating another network path.
13. A security wall control method according to claim 10, including: a step of discarding the network data when the viruswall system detects a virus in the network data.
14. A security wall control method according to claim 10, including: a step of, when the viruswall system detects an unauthorized operation by the network data received from the network, reloading the viruswall system and an operating system on which to execute the viruswall system.